EP2018019B1 - Procédé et système d'acquisition d'un objet de droits - Google Patents

Procédé et système d'acquisition d'un objet de droits Download PDF

Info

Publication number
EP2018019B1
EP2018019B1 EP08157047.5A EP08157047A EP2018019B1 EP 2018019 B1 EP2018019 B1 EP 2018019B1 EP 08157047 A EP08157047 A EP 08157047A EP 2018019 B1 EP2018019 B1 EP 2018019B1
Authority
EP
European Patent Office
Prior art keywords
rights
issuer
request message
mobile terminal
rights object
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
EP08157047.5A
Other languages
German (de)
English (en)
Other versions
EP2018019A1 (fr
Inventor
Kyung Keun Lee
Jong Kerl Lee
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Samsung Electronics Co Ltd
Original Assignee
Samsung Electronics Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Samsung Electronics Co Ltd filed Critical Samsung Electronics Co Ltd
Publication of EP2018019A1 publication Critical patent/EP2018019A1/fr
Application granted granted Critical
Publication of EP2018019B1 publication Critical patent/EP2018019B1/fr
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08Access security
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/101Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying security measures for digital rights management

Definitions

  • the present invention relates to a Digital Right Management (DRM) system for use with mobile terminals and, in particular, to a batch rights objects (ROs) acquisition method and system which enables a mobile terminal to acquire multiple rights objects in a batch processing manner.
  • DRM Digital Right Management
  • ROs batch rights objects
  • DRM Digital Rights Management
  • the DRM is specified to provide a controlled consumption of digital contents and to protect the intellectual property right of the authors and the content providers.
  • encrypted DRM contents can be freely accessed and downloaded.
  • a license called Rights Object (RO) is required for decoding the encrypted DRM contents.
  • RO Rights Object
  • DRM technologies attempt to protect the digital contents through all the phases of creation, distribution, use, and abrogation; and restricts access and usage rights of the user on the digital contents.
  • DRM allows the user having a valid encryption key such as RO to decode the encrypted digital content such that the digital content can be protected even when being illegally distributed.
  • the RO is a container used in the OMA DRM system, which is an open DRM standard invented by the Open Mobile Alliance (OMA), for carrying the license key to decrypt the corresponding DRM contents.
  • OMA Open Mobile Alliance
  • the RO is issued by a Right Issuer (RI) and purchased by the end user. Since the digital content and corresponding RO are delivered in a detached manner, the usage of the downloaded content is restricted to the user who acquired the corresponding RO.
  • the RO is a collection of Permission, Constraints, and other attributes that define under what circumstances access is granted to, and what usages are defined for, DRM content object.
  • the usage constraints include Count, DateTime, Interval, Timed-Count, Accumulated, and Individual.
  • the constraints are stored in a specific field of the RO.
  • the RO may specify the usage for an MP3 file with the count constraint value set to "10".
  • the MP3 file can be played 10 times and the count is decremented by 1 whenever the MP3 file is played. If the count value becomes "0", the usage right on the MP3 file expires. In order to maintain the usage right on the MP3 file, the corresponding RO should be updated.
  • FIGURE 1 is a diagram illustrating RO delivery procedure in a conventional DRM system.
  • a mobile terminal 101 transmits a content request message (105) to content server 102, and the content server 102 transmits a corresponding content 106 in response to the content request message 105.
  • the requested content is a DRM protected content
  • the content is encrypted with an encryption key and scheme specified by the DRM and transmitted in a DRM format having the constraints (e.g., usage rule, the number of times to be played, and duration).
  • the mobile terminal 101 transmits a license request message 107 to a Right Issuer (RI) 103, and the RI 103 transmits the corresponding license 108 to the mobile terminal 101 in response to the license request message.
  • RI Right Issuer
  • the license is a usage right on the content which includes a decryption key and usage constraint information.
  • the mobile terminal 101 should acquire the usage right for consuming the content. Accordingly, the RI 103 checks whether the identity of the user of the mobile terminal 101 is valid. If it is determined that the user is valid, the RI 103 transmits the license to the mobile terminal 101. If the license is received from the RI 103, the mobile terminal 101 can play the content using the license.
  • the decryption key and usage constraint information is extracted from the license by a DRM client application installed in the mobile terminal 101. The content is decrypted by using the decryption key and played under the usage constraints specified in the license.
  • the conventional DRM system has a drawback in that the RO acquisition or update process is performed item by item such that it is time consuming and cumbersome to acquire or update multiple ROs. That is, since the ROs required for consuming DRM content objects are purchased one by one, the user should perform the purchasing process repeatedly as many as the number of the DRM content objects, resulting in user inconvenience.
  • US 2004/024688 A1 discloses a digital content distribution and subscription system.
  • the present invention provides a batch RO acquisition method and system of a mobile terminal that is capable of improving protected contents management efficiency by acquiring multiple ROs in a batch processing manner.
  • the present invention provides a batch RO acquisition method and system of a mobile terminal that is capable purchasing and authenticating multiple ROs in a batch processing manner by introducing a broker server.
  • First, second, and third aspects of the invention provide rights object acquisition methods as defined by claims 1, 5 and 6 respectively.
  • fifth and sixth aspects of the invention provide rights object acquisition systems as defined by claims 8, 12, and 13 respectively.
  • FIGURES 2 through 9 discussed below, and the various embodiments used to describe the principles of the present disclosure in this patent document are by way of illustration only and should not be construed in any way to limit the scope of the disclosure. Those skilled in the art will understand that the principles of the present disclosure may be implemented in any suitably arranged communication system.
  • a Rights Object (RO) acquisition method and system is provided.
  • the RO acquisition method and system of the present invention enables a mobile terminal to acquire ROs for multiple Digital Rights Management (DRM) protected content items in an aggregation manner.
  • DRM Digital Rights Management
  • the management processes such as content purchase, RO acquisition and update, and authentication are performed by means of a broker server.
  • the term "RO acquisition” is used in the meaning including "RO update” in order to simplify the explanation.
  • the mobile terminal can be one of the various kinds of devices including cellular phones supporting data and voice communications according to various radio communication standards, Portable Multimedia Player (PMP), MP3 player, Digital Broadcast Receiver, Personal Digital Assistant (PDA), laptop and desktop computer, and their equivalents supporting a wired or wireless communication.
  • PMP Portable Multimedia Player
  • MP3 player Portable Multimedia Player
  • Digital Broadcast Receiver Portable Multimedia Player
  • PDA Personal Digital Assistant
  • FIGURE 2 is a block diagram illustrating a configuration of a mobile terminal according to an exemplary embodiment of the present invention. Although a mobile phone is depicted as the mobile terminal in FIGURE 2 , the present invention is not limited to the mobile phone.
  • the mobile terminal 200 includes a radio frequency (RF) unit 210, a data processing unit 220, an audio processing unit 230, an input unit 240, a memory unit 250, a display unit 260, and a control unit 270.
  • RF radio frequency
  • the RF unit 210 is responsible for radio communication of the mobile terminal 200.
  • the RF unit 210 establishes a radio communication channel with a communication system according to a specific communication scheme. Particularly, the RF unit 210 allows the mobile terminal 200 to exchange control messages with a web server for acquiring the contents and their ROs.
  • the RF unit 210 includes an RF transmitter for up-converting and amplifying the transmission signals and an RF receiver for low-noise amplifying and down-converting the received signals.
  • the RF unit 210 allows the mobile terminal 200 to download DRM contents from a contents server and ROs required for playing the DRM contents from a Rights Issuer (RI) or a Broker server.
  • the RF unit 210 transmits a Right Object Acquisition Protocol (ROAP) Trigger Request and RO Request messages to the RI or Broker server and receives ROAP Trigger message and RO Response message. These messages are described in more detail later.
  • ROAP Right Object Acquisition Protocol
  • the data processing unit 220 is responsible for processing voice data input by the audio processing unit 230, text data input through the input unit 240, and the data incoming from and outgoing to the RF unit 210.
  • the data processing unit 220 may include a modem and a codec.
  • the codec includes a data codec for processing packet data and an audio codec for processing audio data.
  • the audio processing unit 230 processes the audio signal output by the data processing unit 220 so as to output the audio signal through a speaker (SPK) in the form of audible sound and processes the audio signal input through a microphone (MIC) so as to output the processed audio signal to the data processing unit 220.
  • the audio processing unit 230 outputs audio data including voice data through the speaker (SPK) in the form of audible sound and outputs the audio signal including voice input through the microphone (MIC) to the data processing unit 220 in the form of audio data.
  • the audio processing unit 230 is configured to play the audio data contained in the DRM contents selected by a user.
  • the input unit 240 receives various alphanumeric key inputs and function key inputs for configuring and controlling functions of the mobile terminal 200 and transfers the key sequences corresponding to the key inputs to the control unit 270.
  • the input unit 240 can be implemented with at least one of a touchpad, a normal keypad, a touchscreen, a qwerty keyboard, and specific types of function keys. Particularly, the input unit 240 generates a key signal for selecting an item listed on a list (DRM contents list or ROs list by content item) displayed on the display unit 260 and transfers the key signal to the control unit 270. Of course, multiple items can be selected from the list in response to the user's requests.
  • the memory unit 250 stores at least one application for executing functions associated with the RO acquisition method and user data collected from external devices (contents server, RI, Broker server, and another mobile terminal).
  • the user data include phonebook data, still and motion picture files, audio files, other types of digital contents, DRM-protected contents, and RO.
  • the application can be a program associated with playback of the user data. Particularly, the application can be a content management program for managing and controlling the use of DRM-protected contents.
  • the memory unit 250 may include at least one buffer for buffering user data generated during the operation of the application.
  • the memory unit 250 stores at least one kind of content information associated with each DRM content object.
  • the content information includes a size, a data type, a title, a playable period, a playable number of times, content-related information, a usage restriction, etc.
  • the memory unit stores ROs of each DRM content object.
  • the display unit 260 displays screens representing the data generated by the application and key manipulation status and preset function information.
  • the display unit 260 can be implemented with a Liquid Crystal Display (LCD).
  • the LCD may have touchscreen functionality.
  • the display unit 260 operates as a part of the input unit 240.
  • the control unit 270 controls general operations of the mobile terminal 200 and signaling among the internal components of the mobile terminal 200.
  • the control unit 270 controls interoperation of the data processing unit 220, audio processing unit 230, input unit 240, memory unit 250, and display unit 260.
  • the control unit 270 may include the data processing unit 220.
  • control unit 270 controls package purchase of multiple DRM contents items and batch RO acquisition for the DRM contents items.
  • the control unit 270 also controls display of the DRM contents item list, presentation of the items selected from the DRM contents item list, and purchase information of the DRM contents items and ROs.
  • the control unit 270 also controls generation of the ROAP Trigger Request message and RO Request message.
  • the mobile terminal 200 may further include at least one of camera module, electric settlement module, Bluetooth module, battery module, and digital broadcast receiver module, and other optional function modules. Also, any of the internal components constituting the mobile terminal may be omitted or replaced with an equivalent functional component according to the functional design of the mobile terminal.
  • DRM-RO a method for acquiring ROs of DRM contents items
  • FIGURE 3 is a message flow diagram illustrating a batch DRM-RO acquisition method according to an exemplary embodiment of the present invention.
  • the mobile terminal 200 if an RO acquisition command is input for acquiring ROs, the mobile terminal 200 generates an ROAP Trigger Request message and sends the ROAP Trigger Request message to the RI 250 (S301).
  • the ROAP Trigger Request message includes at least one content identifier (CID).
  • the ROAP Trigger Request message also includes a device identifier (DeID) of the mobile terminal 200 and at least one constraint for restricting the usage rights of at least one DRM content object.
  • the ROAP Trigger Request message may further includes parent license information.
  • the ROAP Trigger Request message may include an identifier of the music album A in addition to the identifiers of the track 1 and track 3. In this case, the ROs for the track 1 and track 3 can be acquired only with the RO for the album A afterward.
  • either track 1 and track 3 can be played up to a total usage times restricted by a constraint of the parent RO.
  • different parent licenses can be applied.
  • the user may create a content list (e.g., my list and favorite list) as a parent group.
  • the ROs of the content items listed in the content list are dependent on a group rights object for the content list.
  • the DRM content object can be a content item that is received from another device (for example, another terminal or server) but has not acquired corresponding RO or of which RO has expired.
  • the mobile terminal 200 selects an RI for purchasing an RO of at least one DRM content object with reference to an RI's Uniform Resource Location (URL) information contained in the header information of the DRM content object.
  • the ROAP Trigger Request message is sent to the RI URL.
  • DCF DRM Content Format
  • FIGURE 4 is a diagram illustrating a structure of DCF for use in a batch RO acquisition method according to an exemplary embodiment of the present invention.
  • a BatchRIURL 410 is an address of RI which supports a batch RO acquisition, and a BatchRIURLLength 420 indicates a length of the BatchRIURL 410.
  • the batch RI information field is added to the Common Header of the DCF as a mandatory field or as an extended header field which is one of mandatory fields contained in the common header.
  • the mobile terminal 200 selects an RI for acquiring the ROs for at least one DRM contents item with reference to the RI URL address previously stored in the memory unit 250 and attempts to access the RI. Also, the mobile terminal 200 can request a Batch RI URL for acquiring the DRM ROs to the RI 250 and attempts to access the RI URL responded by the RI 250.
  • the RI URL received from the RI 250 is stored and used for acquiring the ROs later in an aggregate manner.
  • the RI 250 If the ROAP Trigger Request message is received, the RI 250 generates an ROAP Trigger message and sends the ROAP Trigger message to the mobile terminal 200 (S303).
  • the ROAP Trigger message may include price information on the ROs of the content items indicated by the ROAP Trigger Request message. Also, the ROAP Trigger message includes one or more roIDs to identify the ROs corresponding to the content items.
  • the ROAP trigger message may include at least one of roapURL, RI ID, RI Alias, Domain ID, Domain Alias, and Nonce.
  • the ROAP Trigger request message and ROAP Trigger message can be sent in the form a HTTP GET or a HTTP POST (see RO acquisition mechanism of OMA DRM v2.0).
  • the message length may increase, whereby HTTP POST prefers to send the ROAP messages.
  • the mobile terminal 200 displays information on the purchase prices of the ROs of the DRM contents items on the display unit with reference to the information contained in the ROAP trigger message.
  • the mobile terminal 200 generates a RO Request message and transmits the RO Request message to the RI 250 (S305).
  • the DRM content objects indicated by the RO Request message may be identical with those indicated by the ROAP Trigger Request message or not. That is, the list of ROs can be modified by the user.
  • the RI 250 issues the ROs indicated by the RO Request message and transmits an RO Response message (S307) containing the ROs to the mobile terminal 200.
  • the mobile terminal 200 Upon receiving the RO Response message, the mobile terminal 200 extracts ROs from the RO Response message so as to acquire multiple ROs in an aggregate manner.
  • the RO Response may further include a session ID for establishing a session between the RI 250 and the mobile terminal 200 so as to check whether the RO acquisition is successfully.
  • the mobile terminal 200 establishes a session with the RI 250 on the basis of the session ID and transmits an RO Confirm Request message to the RI 250 in the session.
  • the RO Confirm Request message includes a parameter such as RO Confirm Info for indicating the successful RO acquisition.
  • the RI 250 ends the RO acquisition procedure or retransmits the ROs on the basis of RO Confirm Info. If it is determined that the multiple ROs are successfully delivered, the RI 250 transmits an RO Confirm Response message to the mobile terminal 200.
  • the mobile terminal 200 may perform a web transaction with the RI 250 after transmitting the ROAP Trigger Request message.
  • the permissions and constraints on the use of DRM contents can be negotiated.
  • the RI 250 publishes purchase prices information of the content items listed in the ROAP Trigger Request message, and the mobile terminal transmits the information on the content items that are finally confirmed by the user to the RI 250. If the web transaction is completed by the final user confirmation, the RI 250 may transmit a ROAP Trigger message listing the content items to be delivered to the mobile terminal 200.
  • the batch RO acquisition can be implemented without adding the BatchRIURL field to the DCF structure.
  • FIGURE 5 is a message flow diagram illustrating a batch DRM-RO acquisition method according to another exemplary embodiment of the present invention.
  • the BatchRIURL is not provided in the DCF structure, but, each content item has the URL of RI delivered the content item.
  • the mobile terminal 200 if a batch RO acquisition command is input by the user, the mobile terminal 200 generates a ROAP Trigger Request message containing CIDs of individual DRM content objects and sends the ROAP Trigger Request message to the RI 250.
  • the mobile terminal 200 sends the ROAP Trigger Request message (S501) to the RI 250 with reference to an RI URL of one of multiple DRM content objects.
  • the RI 250 sends a Redirection message notifying a new URL of another RI, which has the group RO transmission capability, to the mobile terminal 200 (S503).
  • the Redirection message can be one of HTTP 302, HTTP 303, and HTTP 307 messages proposed in OMA DRM.
  • the mobile terminal 200 transmits the ROAP Trigger Request message to the RI 300 indicated by the RI URL contained in the Redirection message (S505). Accordingly, the mobile terminal 200 acquires the ROs from the RI 300 in an aggregation manner.
  • the batch RO acquisition method allows the mobile terminal to acquire multiple ROs in the aggregation manner through a signal purchase procedure, resulting in improving user convenience.
  • a multi-RI involved batch RO acquisition method in which individual ROs are acquired from different RIs in a batch manner, is described hereinafter.
  • FIGURE 6 is a schematic diagram illustrating a batch DRM-RO acquisition system according to an exemplary embodiment of the present invention.
  • a batch DRM-RO acquisition system includes a mobile terminal 200, a plurality of RIs 610 to 630, and a Broker server 400 located between the mobile terminal 200 and the arbitrary number of RIs.
  • the Broker server 400 acts as a signal service point for managing processes associated with RO acquisition (message generation and exchange, authentication, and digital signature, etc.).
  • the broker server-involved batch RO acquisition procedure is described hereinafter in more detail with reference to FIGURE 7 .
  • FIGURE 7 is a message flow diagram illustrating a batch RO acquisition method according to another exemplary embodiment of the present invention.
  • the mobile terminal 200 if an RO acquisition command is input, the mobile terminal 200 generates an ROAP Trigger Request message containing a CID list listing CIDs of DRM content objects indicated by the RO acquisition command and transmits the ROAP Trigger Request message to the broker server 400 (S701).
  • the ROAP Trigger Request message is structured identically with those of the other embodiments depicted in FIGURES 3 and 5 .
  • the ROAP Trigger Request message may further include RI URLs of the RIs 610 to 630 that provide the the respective content objects indicated by the CIDs.
  • the broker server 400 extracts the CIDs of the content objects from the ROAP Trigger Request message by RI URL and generates new ROAP Trigger Request messages destined to the RIs 610 to 630 corresponding to the respective RI URLs.
  • the broker server 400 transmits the new ROAP Trigger Request messages to the corresponding RIs 610 to 630 (S703).
  • each new ROAP Trigger Request message contains at least one CID of the content object provided by the RI to which it is destined.
  • Each of the RIs 610 to 630 receives only the new ROAP Trigger Request message having its RI URL.
  • each RI transmits an ROAP Trigger message to the broker server 400 (S705).
  • the ROAP trigger message contains purchase information on the content objects indicated by the CIDs listed on the CID list of extracted from the new ROAP Trigger Request message.
  • the ROAP trigger messages are structured identically with those of the embodiments depicted in FIGURES 3 and 5 .
  • the broker server 400 receives the ROAP Trigger messages transmitted by the RIs 610 to 630 and transmits a new ROAP Trigger message containing total purchase information to the mobile terminal 200 (S707).
  • the total purchase information is created by packaging the purchase information extracted from the ROAP Trigger messages received from the respective RIs.
  • the mobile terminal 200 displays the total purchase information extracted from the ROAP Trigger message on the display unit.
  • the mobile terminal 200 generates an RO Request message containing CIDs of the content objects which is finally decided by the user and transmits the RO Request message to the broker server 400 (S709).
  • the CID list of the ROAP Trigger Request message may be identical with or different from the CID list of the RO Request message. That is, the the CIDs listed on the CID list of the ROAP Trigger Request message can be changed by the user's final decision.
  • FIGURE 7 it is assumed that the CIDs of the DRM content objects to purchase are changed in the RO Request message.
  • the RO Request message transmitted by the mobile terminal 200 is formatted as shown in Table 1.
  • the broker server 400 transmits the RO Request message to at least one of the RIs 610 to 630 according to the RI URLs indicated by the RO request message (S711) .
  • the RIs as destination of the RO Request message are determined by the CIDs of the content objects that are finally decided to be purchased by the user. That is, the broker server 400 extracts the CIDs from the RO Request message transmitted by the mobile terminal 200 and generates individual new RO Request messages destined to the respective RIs.
  • the new request message transmitted by the broker server 400 is formatted as shown in Table 1.
  • the RIs 610 and 620 are determined as the destinations of the new RO Request messages due to the change of content objects to be purchased.
  • the broker sever 400 may authenticate the mobile terminal 200 using the RO Request message transmitted by the mobile terminal 200. The authentication may be performed at the initial connection of the mobile terminal and skipped from then.
  • the RO Request message includes at least one of parameters such as device ID (deviceID), domain ID (domainID), RI ID (riID), nounce, time, RO information (roInfo), certification chain (certificateChain), extensions, and signature.
  • the nonce element is a parameter generated randomly.
  • the signature element is a digital signature of the mobile terminal and it is included in the RO Request message for verifying the mobile terminal.
  • the RIs 610 and 620 received the RO Request messages verify the content object on the basis of the RO Request message. Next, each of the RIs 610 and 620 generates ROs indicated by the RO Request message and transmits a RO Response message containing the ROs to the broker server 400 (S713).
  • the RO Response message transmitted by the RI is formatted as shown in Table 2.
  • the broker server 400 Upon receiving the RO Response messages from the RIs 610 and 620, the broker server 400 extracts the ROs from the RO Response messages.
  • the broker server 400 performs batch processing of the digital signatures for inter-authentication between the mobile terminal 200 and the RIs 610 and 620 and then transmits a new RO Response message generated with reference to the RO Response messages received from the RIs 610 and 620 to the mobile terminal 200 (S715).
  • the RO Response message transmitted by the broker server 400 is formatted as shown in Table 2.
  • the broker server 400 can verify a public key certificate of the mobile terminal 200 using an Online Certificate Status Protocol (OCSP).
  • OCSP is a protocol to verify a public key certificate of the mobile terminal 200 in real time. That is, the OCSP checks whether the public key certificate of the mobile terminal is aborted.
  • CTL Certificate Revocation List
  • the broker server 400 can verify the validity of the public key certificate of the mobile terminal 200 using the OCSP in an initial registration process. Also, public key certificate verification can be performed in response to the request of the broker server 400 or RIs 610 to 630. For example, in a case that a DRM time (a secure time) of a specific content object is not matched with the time of RI (i.e., the difference of the DRM time and the local time of RI or broker server 400 is greater than a threshold value) in the DRM-RO acquisition procedure, the public key certificate of the mobile terminal 200 can be verified. The verification on the public key certificate of the broker server or RI can be performed by exchanging the OCSP Request and OCSP Response messages with an OCSP responder.
  • the mobile terminal 200 received the RO Response message from the broker server 400 extracts the ROs contained in the RO Response message so as to acquire the ROs of the DRM contents in an aggregate manner.
  • the RO Response message transmitted by the RIs 610 to 630 or the broker server 400 is structured in the following format of Table 2.
  • Table 2
  • the RO Response message includes at least one of parameter such as deviceID, riID, nonce, protectedRO, certificateChain, ocspResponse, and signature.
  • the RO Response transmitted by the broker server may further include a broker server ID (brokerID).
  • the brokerID can be replaced by the riID.
  • the nonce element is a random value designated by the RI and can be omitted.
  • the signature element is a digital signature of the RI and it can be used in the authentication procedure.
  • the protected RO may include a plurality of protected ROs. That is the RO Response message contains at least one RO for at least one DRM content object indicated by the RO requested message.
  • the RO Response message may include protected ROs in the form of "protectedRO" elements for respective DRM content objects, and each protectedRO includes at least one "Permission” element specifying the actual usage of the content object and at least one "constraint” element for restricting the permission on the usage of the content object. That is, the "constraint” may be dependent on the "permission.”
  • the permission element may be one of "play”, “display”, “execute”, “print”, and "export”
  • the constraint element may be one of "count”, “timed-count”, “datetime”, “interval", “individual”, and "system.”
  • the RO Response messages transmitted by the broker server 400 and the RIs 610 to 630 carry the protected ROs without additional security process. If the broker server 400 and the RIs 610 to 630 are not authenticated with each other (i.e., Insecure communication is performed), a Mutual authentication process may be performed between the broker server 400 and the RIs 610 to 630.
  • the digital signature of the broker server 400 is verified as following process.
  • the broker server 400 transmits an RO Response message carrying only its own signature to the mobile terminal 200.
  • the broker server 400 verifies the digital signatures of the RIs 610 to 630 and transmits an RO Response message containing its signature as well as the digital signature of the RIs 610 to 630.
  • the digital signatures of all the RIs 610 to 630 are contained in the RO Response message.
  • the message format of the RO Response message may be changed.
  • the broker server 400 or a specific RI reports the information on the RO failed to receive and the reason of the RO acquisition failure. If the acquisition failure message is received from the broker server 400, the mobile terminal 200 outputs an alert such as an acquisition failure information or acquisition failure alarm.
  • the broker server 400 performs a mutual authentication by verify the digital signatures of the mobile terminal 200 and the RIs 610 to 630.
  • This kind of architecture relieves the mobile terminal 200 from verifying every RI individually since the mobile terminal 200 verifies only the digital signature of the broker server 400.
  • the mobile terminal may perform a web transaction with the broker server 400 after transmitting the ROAP Trigger Request message.
  • the broker server 400 receives the purchase information of the content objects from the respective RIs 610 and 630 and publishes the information on a webpage, and the mobile terminal displays the purchase information on the display unit.
  • the user can decide the values of the permissions and constraints of the ROs corresponding to the content objects.
  • the broker server 400 publishes the purchase information on a web page
  • the mobile terminal 200 composes a purchase list in response to the user input for selecting the final content objects to be purchased.
  • the broker server 400 generates at least one ROAP Trigger Request message on the basis of the purchase list received from the mobile terminal 200 and transmits the ROAP Trigger Request message to at least one RI.
  • the broker server-involved batch RO acquisition architecture and method are described with reference to FIGURES 6 and 7 , the present invention is not limited thereto.
  • the batch RO acquisition architecture and method can be accomplished by embedding the functionality of the broker server within the respective RIs without an additional broker server.
  • a batch RO acquisition system and method without engagement of the broker server is described hereinafter.
  • FIGURE 8 is a schematic block diagram illustrating a batch RO acquisition system according to another exemplary embodiment of the present invention.
  • the batch RO acquisition system is deployed in a ring network topology.
  • a mobile terminal 200 transmits an RO Request message to the first RI 810.
  • the RO Request message may contain at least one RI URL including the URL of the first RI 810 that provides the CIDs of the content objects to be purchased.
  • the mobile terminal 200 extracts at least one CID and at least one RI URL which provides the CID and transmits the RO Request message to the RI URL (in FIGURE 8 , the URL of the first RI 810).
  • one of the RI URLs is selected according to a preset user configuration. That is, the RI URL can be selected randomly, in an order of preset priority, in an ascendant or descendent order of the RIs, or the like.
  • the first RI 810 received the RO Request message performs the following processes:
  • the first RI 810 authenticates the mobile terminal 200 and, if the mobile terminal passes the authentication process, generates at least one RO and adds its signature to the RO.
  • the authentication process can be performed using the OCSP.
  • the authentication can be performed in an initial registration of the mobile terminal or in response to a request of the RI. For example, in a case that the DRM time of a specific content object is different from the device time of the RI (i.e., the difference between the DRM time and the RI time is greater than a predetermined value), the RI may request re-authentication.
  • the authentication of the mobile terminal may be performed by exchanging the OCSP Request message and OCSP Response message between the RI and an OCSP Responder.
  • the first RI 810 creates an RO Response message containing the information on the RO and its signature.
  • the first RI 810 transmits the RO Request message to one of the RI URLs (i.e., the second RI 820) contained in the RO Request message.
  • the first RI 810 may transmit the RO Response message together with the RO Request message.
  • the first RI 810 may delete its URL from the RO Request message before transmitting the RO Request message to the second RI 820.
  • the second RI 820 performs the following processes:
  • the second RI 820 performs authentication of the mobile terminal 200 and, if the mobile terminal passes the authentication test, creates at least one RO and adds its signature to the RO.
  • the second RI 820 performs the authentication of the first RI 810.
  • the authentication process on the mobile terminal 200 may skipped. That is, since the mobile terminal 200 is authenticated by the first RI 810, the second RI 820 skips the authentication of the mobile terminal 200 in trust of the authentication by the first RI 810. In this case, the first RI 810 informs the second RI 820 of the authentication of the mobile terminal 200, and the second RI 820 checks whether the RO Request message is received from the mobile terminal 200 or another RI.
  • the second RI 820 may add its signature to the RO or replace the signature of the first RI 810 with its own signature.
  • the second RI 820 creates an RO Response message containing the information of the RO and at least one signature. Sequentially, the second RI 820 transmits the RO Request message to one of RI URLs contained in the RO Request message (i.e., the third RI 830) . At this time, the RO Response message is transmitted together with the RO Request message. The second RI 820 may delete its URL from the RO Request message before transmitting to the third RI 830.
  • the third RI 830 and N' th RI 840 perform the identical procedure carried out by the second RI 820.
  • the N' th RI 840 recognizes that there is no other RI to transmit the RO Request message and transmits an RO Response message containing the ROs issued by previous RIs and/or by itself and at least one signature to the mobile terminal 200.
  • the N' th RI 840 can recognize itself as the final RI by checking the RI URLs contained in the RO Request message since the RO Request message received by the final RI containing only one RI URL (when the previous RIs delete their RI URL from the RO Request message). Also, the N' th RI 840 can recognize itself as the final RI by checking the signatures added in the RO Response message.
  • FIGURE 9 is a schematic block diagram illustrating an aggregation RO acquisition system according to another exemplary embodiment of the present invention.
  • the batch RO acquisition system is implemented with a push mechanism.
  • a mobile terminal 200 transmits an RO Request message to a first RI 910.
  • the RO Request message contains at least one RI URL including the URL of the first RI 910 that provides CIDs of the content objects to be purchased.
  • the mobile terminal 200 extracts at least one CID and at least one RI URL which provides the CID of the content object to be purchased and transmits the RO Request message to the RI URL (in FIGURE 9 , the URL of the first RI 910).
  • one of the RI URLs is selected according to a preset user configuration. That is, the RI URL can be selected randomly, in an order of preset priority, in an ascendant or descendent order or the RIs, or the like.
  • the first RI 910 receives the RO Request message transmitted by the mobile terminal 200 and performs authentication of the mobile terminal 200 on the basis of the RO Request message. If the mobile terminal 200 passes the authentication test, the first RI 910 creates a RO Response message containing at least one RO and its signature and transmits the RO Response message to the mobile terminal 200. The first RI 910 also transmits the RO Request message to a second RI 920 with reference to the RI URLs contained in the RO Request message. At this time, the first RI 910 may delete its URL from the RO Request message.
  • the second RI 920 performs authentication of the mobile terminal 200. If the mobile terminal 200 passes the authentication test, the second RI 920 creates an RO Response message containing at least one RO and its signature to the mobile terminal 200. The second RI 920 also may perform authentication of the first RI 910. Next, the second RI 920 transmits the RO Request message to one of the RI URLs contained in the RO Request message (in this embodiment, the third RI 930) . At this time, the second RI 920 may delete its URL from the RO Request message.
  • the authentication of the mobile terminal 200 may be skipped. That is, since the mobile terminal 200 is authenticated by the first RI 910, the second RI 920 skips the authentication of the mobile terminal 200 in trust of the authentication by the first RI 910. In this case, the first RI 910 informs the second RI 920 of the authentication of the mobile terminal 200, and the second RI 920 checks whether the RO Request message is received from the mobile terminal 200 or another RI. The second RI 920 may add its signature to the RO or replace the signature of the first RI 910 with its own signature.
  • the third RI 930 and N' th RI 940 perform the identical procedure carried out by the second RI 920.
  • the N' th RI 940 recognizes that there is no other RI to transmit the RO Request message and transmits an RO Response message.
  • the N' th RI 940 can recognize itself as the final RI by checking the RI URL remained in the RO Request message in which other RI URLs are deleted by previous RIs.
  • At least one of the RIs verifies a public key certificate of the mobile terminal using the OCSP.
  • the OCSP is a protocol to verify the public key certificate of the mobile terminal 200 in real time. That is, the OCSP checks whether the public key certificate of the mobile terminal is aborted.
  • a heterogeneous RI environment is assumed in which the different types of RIs are deployed.
  • the ROAP registration process should be performed.
  • an ROAP registration protocol and a registration protocol is specified.
  • the standard specifies that the registration protocol is executed as following situation.
  • the registration protocol is executed when the mobile terminal attempts to initially contact to the RI server, the exchanged security information is required to be updated, and the DRM time (secure time) is inaccurate.
  • the mobile terminal can register with different types of RIs simultaneously.
  • the mobile terminal also initiates the registration protocol whenever attempting the registration with the respective RIs.
  • the mobile terminal may initiate the registration protocol only one time with the first RI and skip the initiation of the registration protocol with other RIs.
  • the mobile terminal and the RI server exchanges messages such as "Device Hello”, “RI Hello”, “Registration Request”, and Registration Response.”
  • the mobile terminal and the RI perform the registration procedure by exchanging the above messages.
  • These messages are formatted as shown in Tables 3 to 6. Table 3
  • Table 3 shows an exemplary "Device Hello" message firstly sent by the mobile terminal in the ROAP registration protocol.
  • Table 4 shows an exemplary "Device Hello" message firstly sent by the mobile terminal in the ROAP registration protocol.
  • Table 4 shows an exemplary "RI Hello” message which is sent in response to the "Device Hello” message.
  • Table 5 shows an exemplary "RI Hello" message which is sent in response to the "Device Hello” message.
  • Table 5 shows an exemplary "Registration Request” message which is transmitted from the mobile terminal to the RI for requesting registration.
  • Table 6 shows an exemplary "Registration Request" message which is transmitted from the mobile terminal to the RI for requesting registration.
  • Table 6 shows an exemplary "Registration Response” message which is transmitted in response to the "Registration Request” message.
  • the RO acquisition procedure is explained in association with the operations of the mobile terminal, RIs, and broker server.
  • the present invention is not limited thereto.
  • the RO acquisition procedure can be applied between the client terminal such as personal computer and a server, or between two servers.
  • the rights object acquisition method and system of the present invention enables a mobile terminal to acquire multiple rights objects in a batch processing manner, resulting in improvement of user convenience. Also, the rights object acquisition method and system of the present invention can be implemented in association with a quantity discount system so as to improve sales of the digital contents, resulting in development of contents business.
  • the rights object acquisition method and system of the present invention introduces a broker server which provides a single service point for verifying digital signatures of a mobile terminal and RIs so as to reduce complicated authentication processes between a mobile terminal and every RIs, thereby relieving the processing load of the mobile terminal, improving performance of the mobile terminal, and reducing multiple RO acquisition time.
  • the rights object acquisition method and system of the preset invention enables a mobile terminal to acquire multiple ROs without transmitting RO Request messages to all RIs issuing the ROs, resulting in reducing traffic redundancy.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • Multimedia (AREA)
  • Technology Law (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Information Transfer Between Computers (AREA)

Claims (14)

  1. Un procédé d'acquisition d'objets de droits comprenant :
    la transmission d'un message de demande d'objets de droits demandant des objets de droits individuels d'une pluralité d'objets de contenu d'un terminal mobile (200) vers un premier émetteur de droits (810),
    la création, au niveau du premier émetteur de droits, d'un message en réponse d'objets de droits contenant au moins un des objets de droits indiqués par le message de demande d'objets de droits et la signature du premier émetteur de droits,
    la vérification, au niveau du premier émetteur de droits, si une adresse d'un deuxième émetteur de droits (820) est contenue dans le message de demande d'objets de droits,
    la transmission, lorsque l'adresse du deuxième émetteur de droits est contenue dans le message de demande d'objets de droits, du message de demande d'objets de droits et du message en réponse d'objets de droits du premier émetteur de droits (810) vers le deuxième émetteur de droits (820), et
    la transmission, lorsqu'aucune adresse du deuxième émetteur de droits n'est contenue dans le message de demande d'objets de droits, du message en réponse d'objets de droits du premier émetteur de droits (810) vers le terminal mobile (200).
  2. Le procédé d'acquisition d'objets de droits selon la Revendication 1, où le message de demande d'objets de droits contient un ou plusieurs identifiants de contenus et au moins une des URL des émetteurs de droits, chaque émetteur de droits fournissant au moins un des objets de droits indiqués par le message de demande d'objets de droits.
  3. Le procédé d'acquisition d'objets de droits selon la Revendication 2, où le message en réponse d'objets de droits transmis du premier émetteur de droits (810) vers le deuxième émetteur de droits (820) contient des informations d'objets de droits du premier émetteur de droits.
  4. Le procédé d'acquisition d'objets de droits selon la Revendication 2, comprenant en outre la regénération, au niveau du deuxième émetteur de droits (820) recevant le message de demande d'objets de droits et le message en réponse d'objets de droits, du message en réponse d'objets de droits par l'ajout de la signature du deuxième émetteur de droits ou le remplacement de la signature du premier émetteur de droits par la signature du deuxième émetteur de droits.
  5. Un procédé d'acquisition d'objets de droits comprenant :
    la transmission d'un message de demande d'objets de droits demandant des objets de droits d'une pluralité d'objets de contenu d'un terminal mobile (200) vers un premier émetteur de droits (910),
    la transmission, au niveau du premier émetteur de droits (910), du message de demande d'objets de droits vers un deuxième émetteur de droits (920) désigné dans le message de demande d'objets de droits et d'un message en réponse d'objets de droits contenant l'objet de droits d'au moins un objet de contenu et la signature du premier émetteur de droits vers le terminal mobile (200),
    la transmission, au niveau du deuxième émetteur de droits (920) lorsqu'une adresse d'un troisième émetteur de droits (930) est contenue dans le message de demande d'objets de droits, du message de demande d'objets de droits vers le troisième émetteur de droits (930) et d'un message en réponse d'objets de droits contenant au moins un des objets de droits indiqués par le message de demande d'objets de droits et la signature du deuxième émetteur de droits vers le terminal mobile, et
    la transmission, au niveau du deuxième émetteur de droits (920) lorsqu'aucune adresse d'un troisième émetteur de droits n'est contenue dans le message de demande d'objets de droits, d'un message en réponse d'objets de droits contenant au moins un des objets de droits indiqués par le message de demande d'objets de droits vers le terminal mobile.
  6. Un procédé d'acquisition d'objets de droits comprenant :
    la réception, au niveau d'un serveur mandataire (400), d'un premier message de demande d'objets de droits (709) demandant des objets de droits d'une pluralité d'objets de contenu à partir d'un terminal mobile (200),
    la transmission, au niveau du serveur mandataire (400), d'une pluralité de deuxièmes messages de demande d'objets de droits vers un émetteur de droits respectif (610, 620, 630) correspondant à une pluralité d'URL d'émetteurs de droits, les deuxièmes messages de demande d'objets de droits étant générés individuellement en faisant référence à la pluralité d'URL d'émetteurs de droits indiquées par le message de demande d'objets de droits reçu à partir du terminal mobile (200),
    la réception, au niveau du serveur mandataire (400), d'un premier message en réponse d'objets de droits respectif (713) contenant au moins un des objets de droits indiqués par le message de demande d'objets de droits reçu à partir du terminal mobile (200) et une signature de l'émetteur de droits respectif (610, 620, 630), et
    la transmission, du serveur mandataire (400) vers le terminal mobile (200), d'un deuxième message en réponse d'objets de droits (715) créé par la combinaison de la pluralité de premiers messages en réponse d'objet de droits, les premiers messages en réponse d'objet de droits étant reçus individuellement à partir de l'émetteur de droits respectif (610, 620, 630).
  7. Le procédé d'acquisition d'objets de droits selon la Revendication 6, comprenant en outre :
    l'exécution, au niveau du serveur mandataire, d'une authentification du terminal mobile et d'une vérification des premiers messages en réponse d'objet de droits reçus à partir de la pluralité d'émetteurs de droits.
  8. Un système d'acquisition d'objets de droits comprenant :
    un terminal mobile (200),
    un premier émetteur de droits (810), et
    un deuxième émetteur de droits (820),
    où le terminal mobile (200) est adapté de façon à transmettre un message de demande d'objets de droits demandant des objets de droits individuels d'une pluralité d'objets de contenu vers le premier émetteur de droits (810),
    le premier émetteur de droits (810) est adapté de façon à créer un message en réponse d'objets de droits contenant au moins un des objets de droits indiqués par le message de demande d'objets de droits et la signature du premier émetteur de droits en réponse au message de demande d'objets de droits, et
    le premier émetteur de droits est adapté de façon à vérifier une adresse du deuxième émetteur de droits (820) dans le message de demande d'objets de droits et à transmettre, lorsque l'adresse du deuxième émetteur de droits est contenue dans le message de demande d'objets de droits, le message de demande d'objets de droits et le message en réponse d'objets de droits vers le deuxième émetteur de droits (820), et à transmettre, lorsqu'aucune adresse du deuxième émetteur de droits n'est contenue dans le message de demande d'objets de droits, le message en réponse d'objets de droits vers le terminal mobile (200).
  9. Un système selon la Revendication 8, où le message de demande d'objets de droits contient un ou plusieurs identifiants de contenus et au moins une des URL des émetteurs de droits, chaque émetteur de droits fournissant au moins un des objets de droits indiqués par le message de demande d'objets de droits.
  10. Un système selon la Revendication 9, où le message en réponse d'objets de droits transmis du premier émetteur de droits (810) vers le deuxième émetteur de droits (820) contient des informations d'objets de droits du premier émetteur de droits.
  11. Un système selon la Revendication 9, où le deuxième émetteur de droits est adapté de façon à regénérer, en réponse à la réception du message de demande d'objets de droits et du message en réponse d'objets de droits à partir du premier émetteur de droits, le message en réponse d'objets de droits par l'ajout de la signature du deuxième émetteur de droits ou le remplacement de la signature du premier émetteur de droits par la signature du deuxième émetteur de droits.
  12. Un système d'acquisition d'objets de droits comprenant :
    un terminal mobile (200),
    un premier émetteur de droits (910),
    un deuxième émetteur de droits (920), et
    un troisième émetteur de droits (930),
    où le terminal mobile (200) est adapté de façon à transmettre un message de demande d'objets de droits demandant des objets de droits d'une pluralité d'objets de contenu vers le premier émetteur de droits (910),
    le premier émetteur de droits (910) est adapté de façon à transmettre le message de demande d'objets de droits vers le deuxième émetteur de droits (920) si le deuxième émetteur de droits est désigné dans le message de demande d'objets de droits et à transmettre un message en réponse d'objets de droits contenant l'objet de droits d'au moins un objet de contenu et la signature du premier émetteur de droits vers le terminal mobile (200),
    le deuxième émetteur de droits (920) est adapté de façon à transmettre, lorsqu'une adresse du troisième émetteur de droits (930) est contenue dans le message de demande d'objets de droits, le message de demande d'objets de droits vers le troisième émetteur de droits (930) et un message en réponse d'objets de droits contenant au moins un des objets de droits indiqués par le message de demande d'objets de droits et la signature du deuxième émetteur de droits vers le terminal mobile, et
    le deuxième émetteur de droits (920) est adapté de façon à transmettre, lorsqu'aucune adresse du troisième émetteur de droits n'est contenue dans le message de demande d'objets de droits, un message en réponse d'objets de droits contenant au moins un des objets de droits indiqués par le message de demande d'objets de droits vers le terminal mobile.
  13. Un système d'acquisition d'objets de droits comprenant :
    un terminal mobile (200),
    un serveur mandataire (400), et
    une pluralité d'émetteurs de droits (610, 620, 630),
    le terminal mobile (200) est adapté de façon à transmettre un premier message de demande d'objets de droits (709) demandant des objets de droits d'une pluralité d'objets de contenu vers le serveur mandataire (400),
    le serveur mandataire (400) est adapté de façon à transmettre une pluralité de deuxièmes messages de demande d'objets de droits vers un émetteur de droits respectif (610, 620, 630) correspondant à une pluralité d'URL d'émetteurs de droits, les deuxièmes messages de demande d'objets de droits étant générés individuellement en faisant référence à la pluralité d'URL d'émetteurs de droits indiqués par le message de demande d'objets de droits reçu à partir du terminal mobile (200),
    chacun desdits émetteurs de droits (610, 620, 630) est adapté de façon à transmettre un premier message en réponse d'objets de droits respectif (713) vers le serveur mandataire (400), le premier message en réponse d'objets de droits contenant au moins un des objets de droits indiqués par le message de demande d'objets de droits et une signature de l'émetteur de droits respectif (610, 620, 630), et
    le serveur mandataire (400) est adapté de façon à transmettre un deuxième message en réponse d'objets de droits (715) vers le terminal mobile (200), le deuxième message en réponse d'objets de droits étant créé par la combinaison de la pluralité de premiers messages en réponse d'objet de droits reçus individuellement à partir de l'émetteur de droits respectif (610, 620, 630).
  14. Un système selon la Revendication 13, où le serveur mandataire est adapté de façon à exécuter une authentification du terminal mobile et une vérification des premiers messages en réponse d'objet de droits reçus à partir de la pluralité d'émetteurs de droits.
EP08157047.5A 2007-06-09 2008-05-28 Procédé et système d'acquisition d'un objet de droits Expired - Fee Related EP2018019B1 (fr)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
KR1020070056400A KR101434402B1 (ko) 2007-06-09 2007-06-09 휴대단말의 콘텐츠 권리객체 획득 방법 및 장치

Publications (2)

Publication Number Publication Date
EP2018019A1 EP2018019A1 (fr) 2009-01-21
EP2018019B1 true EP2018019B1 (fr) 2017-08-23

Family

ID=40032693

Family Applications (1)

Application Number Title Priority Date Filing Date
EP08157047.5A Expired - Fee Related EP2018019B1 (fr) 2007-06-09 2008-05-28 Procédé et système d'acquisition d'un objet de droits

Country Status (4)

Country Link
US (1) US9961549B2 (fr)
EP (1) EP2018019B1 (fr)
KR (1) KR101434402B1 (fr)
CN (1) CN101321168B (fr)

Families Citing this family (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101553834B1 (ko) * 2007-09-07 2015-10-01 삼성전자주식회사 멀티미디어 컨텐츠 및 그 메타 데이터 처리 방법 및 장치
KR101015891B1 (ko) * 2007-10-09 2011-02-23 한국전자통신연구원 Drm 상호호환성 제공 방법 및 이를 위한 drm 모듈
US8438113B2 (en) * 2010-01-25 2013-05-07 Richard Stahl Automated digital express gateway for licensing and acquiring rights and permissions for 3rd party copyrighted content
EP2555511B1 (fr) * 2010-04-02 2019-09-25 Samsung Electronics Co., Ltd Procédé et système de gestion d'une clé de chiffrement pour un service de diffusion
US9124906B2 (en) * 2010-06-11 2015-09-01 Disney Enterprises, Inc. System and method for simplifying discovery of content availability for a consumer
EP3754532A1 (fr) 2011-01-12 2020-12-23 Virtru Corporation Procédés et systèmes de distribution de données cryptographiques à des destinataires authentifiés
US10321383B2 (en) * 2013-05-10 2019-06-11 Cloudstreet Oy Managing wireless transmission capacity
US9525707B2 (en) * 2014-12-23 2016-12-20 Mcafee, Inc. Incident response tool using a data exchange layer system
US10599662B2 (en) 2015-06-26 2020-03-24 Mcafee, Llc Query engine for remote endpoint information retrieval
US10523646B2 (en) 2015-08-24 2019-12-31 Virtru Corporation Methods and systems for distributing encrypted cryptographic data
CN105997822A (zh) * 2016-07-11 2016-10-12 李俏梅 一种柚子皮制备的面膜粉及其制备方法
CN107993058A (zh) * 2016-10-27 2018-05-04 阿里巴巴集团控股有限公司 一种信息验证方法和系统及服务器
CN109065058B (zh) * 2018-09-30 2024-03-15 合肥鑫晟光电科技有限公司 语音通信方法、装置及系统
US11531777B2 (en) 2019-01-30 2022-12-20 Virtru Corporation Methods and systems for restricting data access based on properties of at least one of a process and a machine executing the process
JP7238558B2 (ja) * 2019-04-08 2023-03-14 富士フイルムビジネスイノベーション株式会社 認証仲介装置及び認証仲介プログラム

Family Cites Families (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7117180B1 (en) * 1994-11-23 2006-10-03 Contentguard Holdings, Inc. System for controlling the use of digital works using removable content repositories
US6983371B1 (en) * 1998-10-22 2006-01-03 International Business Machines Corporation Super-distribution of protected digital content
ATE552562T1 (de) 2000-11-10 2012-04-15 Aol Musicnow Llc Verteilungs und -abonnementsystem für digitalen inhalt
JP2002297945A (ja) 2001-03-30 2002-10-11 Nippon Telegr & Teleph Corp <Ntt> コンテンツ仲介方法及び装置、プログラム、記録媒体
US20030126086A1 (en) 2001-12-31 2003-07-03 General Instrument Corporation Methods and apparatus for digital rights management
AU2003223802A1 (en) * 2002-05-10 2003-11-11 Protexis Inc. System and method for multi-tiered license management and distribution using networked clearinghouses
US7089594B2 (en) 2003-07-21 2006-08-08 July Systems, Inc. Application rights management in a mobile environment
EP1686519A4 (fr) * 2003-11-21 2008-05-28 Matsushita Electric Ind Co Ltd Systeme d'acquisition d'autorisations, appareil serveur et appareil terminal
MXPA06010776A (es) 2004-03-22 2006-12-15 Samsung Electronics Co Ltd Autentificacion entre un dispositivo y un almacenamiento portatil.
KR101100391B1 (ko) * 2004-06-01 2012-01-02 삼성전자주식회사 휴대형 저장장치와 디바이스간에 디지털 저작권 관리를이용한 콘텐츠 재생방법 및 장치와, 이를 위한 휴대형저장장치
JP4921363B2 (ja) * 2004-08-14 2012-04-25 テレフオンアクチーボラゲット エル エム エリクソン(パブル) ソフトウエアプログラムの同期方法
CN100358287C (zh) * 2004-11-01 2007-12-26 华为技术有限公司 一种获取数字内容的方法
US20060230145A1 (en) 2005-04-08 2006-10-12 Microsoft Corporation Methods and systems for a multi-service federated content distribution network
CN101283540B (zh) * 2005-10-11 2013-02-13 Lg电子株式会社 在数字权限管理中共享权限对象的方法及其装置和系统
US8554927B2 (en) 2005-10-11 2013-10-08 Lg Electronics Inc. Method for sharing rights object in digital rights management and device and system thereof
CN100419772C (zh) * 2006-01-13 2008-09-17 华为技术有限公司 在数字版权管理系统中合并版权控制信息的方法及系统
US7555464B2 (en) * 2006-03-01 2009-06-30 Sony Corporation Multiple DRM management
US20080033992A1 (en) * 2006-08-03 2008-02-07 Microsoft Corporation Related Media Content Assets
EP1947587A1 (fr) * 2007-01-15 2008-07-23 Samsung Electronics Co., Ltd. Procédé d'acquisition d'objet de droits d'un terminal mobile dans un système de gestion des droits numériques
US8539543B2 (en) * 2007-04-12 2013-09-17 Microsoft Corporation Managing digital rights for multiple assets in an envelope

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
"DRM Specification ; OMA-TS-DRM-DRM-V2_1-20060523-D(for CR0333)", INTERNET CITATION, no. 2.1, 23 May 2006 (2006-05-23), pages 1 - 142, XP064075436, Retrieved from the Internet <URL:ftp/Public_documents/DRM/2006/> [retrieved on 20060822] *

Also Published As

Publication number Publication date
KR20090003422A (ko) 2009-01-12
EP2018019A1 (fr) 2009-01-21
US20080307530A1 (en) 2008-12-11
KR101434402B1 (ko) 2014-08-27
CN101321168B (zh) 2015-01-21
CN101321168A (zh) 2008-12-10
US20180014196A9 (en) 2018-01-11
US9961549B2 (en) 2018-05-01

Similar Documents

Publication Publication Date Title
EP2018019B1 (fr) Procédé et système d&#39;acquisition d&#39;un objet de droits
US7617158B2 (en) System and method for digital rights management of electronic content
US8656156B2 (en) Method and terminal for authenticating between DRM agents for moving RO
US7415439B2 (en) Digital rights management in a mobile communications environment
US9160748B2 (en) Rights object acquisition method of mobile terminal in digital right management system
US9177112B2 (en) Method and device for communicating digital content
US20090217036A1 (en) Digital rights management
US20070168293A1 (en) Method and apparatus for authorizing rights issuers in a content distribution system
Messerges et al. Digital rights management in a 3G mobile phone and beyond
US20100017888A1 (en) Method, device and system for transferring license
AU2001290653B2 (en) A distributed digital rights network (DRN), and methods to access, operate and implement the same
US9135408B2 (en) Method and device for managing authorization of right object in digital rights managment
KR100623293B1 (ko) 콜백 메시지를 이용한 이동통신 단말기 가입자 인증 방법
CN101136751A (zh) 对用户域导入数字权限管理数据的方法
Tacken et al. Mobile DRM in pervasive networking environments

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20080528

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MT NL NO PL PT RO SE SI SK TR

AX Request for extension of the european patent

Extension state: AL BA MK RS

17Q First examination report despatched

Effective date: 20090226

AKX Designation fees paid

Designated state(s): DE GB NL

RAP1 Party data changed (applicant data changed or rights of an application transferred)

Owner name: SAMSUNG ELECTRONICS CO., LTD.

REG Reference to a national code

Ref country code: DE

Ref legal event code: R079

Ref document number: 602008051723

Country of ref document: DE

Free format text: PREVIOUS MAIN CLASS: H04L0029060000

Ipc: G06F0021100000

GRAP Despatch of communication of intention to grant a patent

Free format text: ORIGINAL CODE: EPIDOSNIGR1

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: GRANT OF PATENT IS INTENDED

RIC1 Information provided on ipc code assigned before grant

Ipc: G06F 21/10 20130101AFI20170324BHEP

Ipc: H04L 29/06 20060101ALI20170324BHEP

Ipc: H04W 12/08 20090101ALI20170324BHEP

INTG Intention to grant announced

Effective date: 20170412

GRAS Grant fee paid

Free format text: ORIGINAL CODE: EPIDOSNIGR3

GRAA (expected) grant

Free format text: ORIGINAL CODE: 0009210

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE PATENT HAS BEEN GRANTED

AK Designated contracting states

Kind code of ref document: B1

Designated state(s): DE GB NL

REG Reference to a national code

Ref country code: GB

Ref legal event code: FG4D

REG Reference to a national code

Ref country code: DE

Ref legal event code: R096

Ref document number: 602008051723

Country of ref document: DE

REG Reference to a national code

Ref country code: NL

Ref legal event code: MP

Effective date: 20170823

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: NL

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20170823

REG Reference to a national code

Ref country code: DE

Ref legal event code: R097

Ref document number: 602008051723

Country of ref document: DE

PLBE No opposition filed within time limit

Free format text: ORIGINAL CODE: 0009261

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: NO OPPOSITION FILED WITHIN TIME LIMIT

26N No opposition filed

Effective date: 20180524

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: DE

Payment date: 20200421

Year of fee payment: 13

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: GB

Payment date: 20200423

Year of fee payment: 13

REG Reference to a national code

Ref country code: DE

Ref legal event code: R119

Ref document number: 602008051723

Country of ref document: DE

GBPC Gb: european patent ceased through non-payment of renewal fee

Effective date: 20210528

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: GB

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20210528

Ref country code: DE

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20211201